Python SDK

A full reference of our Python SDK.

You can use our Python SDK to:

  1. Encrypt data at your server
  2. Run your Functions
  3. Encrypt/decrypt data with Relay

You can use our Python SDK to encrypt data — rather than with Relay — and still send it to a third-party via Outbound Interception. Encrypting with our backend SDKs is best for developers who want to avoid the network latency of Relay and/or want to avoid sending plaintext data to Relay to be encrypted.

Encrypting data with our backend SDKs instead of Relay may expose you to greater compliance burden because plaintext data touches your server before it is encrypted.

You don’t need to change your database configuration. You can store Evervault-encrypted data in your database as you would the plaintext version.


Our Python SDK is distributed via pypi, and can be installed using pip.

pip install evervault


import evervault
# Initialize the client with your team’s API key
# Encrypt your data
encrypted = evervault.encrypt({ "name": "Claude" })
# Process the encrypted data in a Function
result ="<YOUR_CAGE_NAME>", encrypted)


The Evervault Python SDK exposes four functions:

  • evervault.init()
  • evervault.encrypt()
  • evervault.create_run_token()


evervault.init() initializes the SDK with your API key. Configurations for the interception of outbound requests may also be passed in this function.

evervault.init(api_key = str[, decryption_domains = list, retry = bool, curve = str])
api_keystrThe API key of your Evervault Team
decryption_domainslist(str)Requests sent to any of the domains listed will be proxied with Outbound Interception. Wildcard domains are supported. See Outbound Relay to learn more.
enable_outbound_relay (beta)boolEnables Outbound Relay by syncing your Outbound Relay Destinations configured in your Evervault App.
retryboolRetry failed Cage operations (maximum of 3 retries; False by default)
curvestrThe elliptic curve used for cryptographic operations. See Elliptic Curve Support to learn more.
debugRequestsboolOutput request domains and whether they were sent through outbound interception

We provide two curve options. You can set them as follows:

  • curve = evervault.Curves.SECP256K1 or
  • curve = evervault.Curves.SECP256R1


evervault.encrypt() encrypts data for use in your Functions. To encrypt data at the server, simply pass a dict or string into the evervault.encrypt() function. Store the encrypted data in your database as normal.

evervault.encrypt(data = dict | string)
datadict or stringData to be encrypted. lets you invoke a Function with a given payload.

python = str, data = dict[, options = dict])
function_namestringName of the Function to be run.
datadictPayload for the Function.
optionsdictOptions for the function run.
asyncBooleanFalseRun your Function in async mode. Async Function runs will be queued for processing.
versionIntegerNoneSpecify the version of your Function to run. By default, the latest version will be run.


evervault.create_run_token() creates a single use, time bound token for invoking a function.

evervault.create_run_token(function_name = str, data = dict)
function_namestrName of the Function the run token should be created for.
datadictPayload that the token can be used with.

Was this page useful?